Privacy

What we promise

• Local + cloud, both real. On desktop, every meeting lives as a real folder on your disk — Markdown summary, full transcript, audio, JSON metadata — in addition to the cloud copy. You can open these in Obsidian, drag them to Dropbox, edit them in VS Code. Changes round-trip.
• TLS 1.3 in transit, AES-256 at rest. Audio is encrypted at rest in Cloudflare R2. Everything else is encrypted at rest in Cloudflare D1.
• API keys in your OS keychain on desktop. Encrypted at rest in the cloud for web/mobile.
• No third-party analytics ever see transcript content, audio, summary text, or notes. PostHog/Sentry get crash reports and anonymous usage events only.
• No training on your data — Anthropic and Deepgram are configured with no-train flags.
• One-click full export. Settings → Privacy → Export everything.
• Account deletion that actually deletes. R2 audio purged within 7 days, database within 24h. Your local folder is preserved — it's yours.

Who sees your data

A clear, public list of every third party that ever touches user data:

• Anthropic — AI processing (transcripts + summaries; no-train)
• Deepgram — cloud transcription (no-train)
• Cloudflare — Workers, R2, D1, Vectorize, Queues, KV — all infra
• Clerk — authentication
• voyage-3 (Anthropic) — embeddings for semantic search

BYO keys

Settings → Integrations lets you supply your own Anthropic and/or Deepgram keys. When set, AI calls bill to your accounts. Calls still flow through Note-Taker so we can compose prompts.